DocumentCode
651736
Title
Hidden Process Detection System Based on Hardware-Assisted Virtualization
Author
Xuexiang Li ; Xue-Qing An ; Wenning Zhang
Author_Institution
Software Sch., Zhengzhou Univ., Zhengzhou, China
fYear
2013
fDate
20-22 Sept. 2013
Firstpage
48
Lastpage
50
Abstract
Hidden process detection is an important issue in the information security area. Based on hardware-assisted virtualization, the system proposed in this paper can monitor the guest operating system (Guest OS) via the highest privilege level of the Virtual Machine Monitor (VMM). It realizes the functions of detection, creation monitoring and termination of hidden processes, even for malicious rootkit processes in the kernel. Compared to popular process detection tools that use hook functions or rely on unpublicized data structures, the optimized system doesn't depend on any hook function or destroy any data structure of the OS, making it much more efficient and better in the area of hidden process detection.
Keywords
computerised monitoring; invasive software; operating system kernels; virtual machines; virtualisation; VMM; data structure; guest OS monitoring; guest operating system monitoring; hardware-assisted virtualization; hidden process detection system; hidden process monitoring creation function; hidden process termination function; information security area; kernels; malicious Rootkit processes; privilege level; virtual machine monitor; Data structures; Kernel; Monitoring; Process control; Switches; Virtualization; detection system; hardware-assisted virtualization; hidden process; information security; virtual machine monitor (VMM);
fLanguage
English
Publisher
ieee
Conference_Titel
Internet Computing for Engineering and Science (ICICSE), 2013 Seventh International Conference on
Conference_Location
Shanghai
Type
conf
DOI
10.1109/ICICSE.2013.17
Filename
6680053